Florida Banking February/March 2026

Compliance risk emerges when vendors fail to follow regulatory requirements, and they become your compliance issues. The risk is amplified by black-box AI models that can’t explain their outputs, especially in credit decisioning, where fair lending demands transparency. Operational risk arises when failures in processes or systems disrupt normal operations. The July 2024 CrowdStrike incident showed how a single vendor’s inadequately tested update could cause widespread disruption. When AI-related outages occur within third party platforms, the impact is immediate — and your customers experience it firsthand. Black-box risk carries real regulatory consequences. When lenders rely on opaque, machine-generated algorithms to approve or deny credit, they may be unable to explain or defend those decisions — creating significant fair lending risk even when discrimination is unintentional. Building Your Defense Start by making transparency non-negotiable. Whether you’re onboarding a new vendor or reassessing an existing one, you need clear, direct answers about how AI is used. What data trains the models? How are decisions made? What controls exist to detect and mitigate bias? If a vendor hesitates, anchor the conversation in shared exposure — regulators will hold both parties accountable. Next, look at your contracts. Vendor agreements should require documentation of AI decision-making processes, data sources, training methods, and bias monitoring practices. If existing contracts predate widespread AI use, don’t wait for renewal. Negotiate addenda to close visibility and control gaps. Ongoing oversight also matters. For higher-risk vendors, schedule quarterly reviews to confirm what’s changed — new AI features, security incidents, or shifts in data handling. Lower-risk vendors should still be reviewed annually. During onboarding, apply rigorous due diligence by collecting SOC reports, incident response plans, compliance certifications, financials and documentation that explains not just what the system does but how it works. Finally, ensure AI augments — not replaces — human judgment. Keep subject-matter experts involved,

test models regularly for bias and drift, and maintain accountability for decisions that carry regulatory or customer impact. Maintaining a Healthy Risk Appetite While Maximizing Strategic Value Managing risk is essential, but it isn’t the whole story. When deployed intentionally, AI can create strategic value. The key is aligning its use with your institution’s risk tolerance and operational realities. Your board-approved risk appetite should anchor decisions about AI and third-party relationships. A well-defined risk appetite statement sets boundaries across lending, technology, and operations — and should explicitly address where and how AI is acceptable. That guidance matters because AI introduces tradeoffs. For example, AI in credit scoring can speed up decisions and surface creditworthy borrowers that traditional models might overlook. But if outputs are flawed or discriminatory, the exposure is immediate. A clear risk appetite helps determine where AI adds value and where risk outweighs reward. Beyond risk management, third-party AI can deliver measurable operational benefits. Predictive analytics can reveal underserved markets and inform product strategy. Automated contract review reduces manual effort while improving consistency. AI-enabled customer service can handle routine inquiries, freeing staff to focus on complex, high-touch issues. Used thoughtfully, AI supports efficiency and growth without The banks that succeed in 2026 and beyond won't reject AI or adopt it without discipline. They'll move deliberately, weighing opportunity against risk and staying focused on serving customers and communities well. AI isn’t going away. The question is whether your bank will harness its value and protect what matters most: your bottom line and your customers’ trust. compromising control. The Path Forward

WWW.FLORIDABANKERS.COM FEBRUARY/MARCH 26 | 13